rdelaage
/
postgresql
mirror of https://git.postgresql.org/git/postgresql.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Add USER SET parameter values for pg_db_role_setting 

The USER SET flag specifies that the variable should be set on behalf of an
ordinary role.  That lets ordinary roles set placeholder variables, which
permission requirements are not known yet.  Such a value wouldn't be used if
the variable finally appear to require superuser privileges.

The new flags are stored in the pg_db_role_setting.setuser array.  Catversion
is bumped.

This commit is inspired by the previous work by Steve Chavez.

Discussion: https://postgr.es/m/CAPpHfdsLd6E--epnGqXENqLP6dLwuNZrPMcNYb3wJ87WR7UBOQ%40mail.gmail.com
Author: Alexander Korotkov, Steve Chavez
Reviewed-by: Pavel Borisov, Steve Chavez
This commit is contained in:
Alexander Korotkov 2022-12-09 13:12:20 +03:00
parent 5defdef8aa
commit 096dd80f3c
34 changed files with 680 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
doc/src/sgml/catalogs.sgml
View File

@ -3194,6 +3194,16 @@ SCRAM-SHA-256$<replaceable>&lt;iteration count&gt;</replaceable>:<replaceable>&l
Defaults for run-time configuration variables Defaults for run-time configuration variables
</para></entry> </para></entry>
</row> </row>
<row>
<entry role="catalog_table_entry"><para role="column_definition">
<structfield>setuser</structfield> <type>bool[]</type>
</para>
<para>
Values of <link linkend="sql-alterrole-user-set"><literal>USER SET</literal></link>
flag for every setting in <structfield>setconfig</structfield>
</para></entry>
</row>
</tbody> </tbody>
</tgroup> </tgroup>
</table> </table>

15
doc/src/sgml/ref/alter_database.sgml
View File

@ -37,7 +37,7 @@ ALTER DATABASE <replaceable class="parameter">name</replaceable> SET TABLESPACE
ALTER DATABASE <replaceable class="parameter">name</replaceable> REFRESH COLLATION VERSION ALTER DATABASE <replaceable class="parameter">name</replaceable> REFRESH COLLATION VERSION
ALTER DATABASE <replaceable class="parameter">name</replaceable> SET <replaceable>configuration_parameter</replaceable> { TO | = } { <replaceable>value</replaceable> | DEFAULT } ALTER DATABASE <replaceable class="parameter">name</replaceable> SET <replaceable>configuration_parameter</replaceable> { TO | = } { <replaceable>value</replaceable> | <replaceable>value</replaceable> USER SET | DEFAULT }
ALTER DATABASE <replaceable class="parameter">name</replaceable> SET <replaceable>configuration_parameter</replaceable> FROM CURRENT ALTER DATABASE <replaceable class="parameter">name</replaceable> SET <replaceable>configuration_parameter</replaceable> FROM CURRENT
ALTER DATABASE <replaceable class="parameter">name</replaceable> RESET <replaceable>configuration_parameter</replaceable> ALTER DATABASE <replaceable class="parameter">name</replaceable> RESET <replaceable>configuration_parameter</replaceable>
ALTER DATABASE <replaceable class="parameter">name</replaceable> RESET ALL ALTER DATABASE <replaceable class="parameter">name</replaceable> RESET ALL
@ -206,6 +206,19 @@ ALTER DATABASE <replaceable class="parameter">name</replaceable> RESET ALL
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><literal>USER SET</literal></term>
<listitem>
<para>
Specifies that variable should be set on behalf of ordinary role.
That lets non-superuser and non-replication role to set placeholder
variables, with permission requirements is not known yet;
see <xref linkend="runtime-config-custom"/>. The variable won't
be set if it appears to require superuser privileges.
</para>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</refsect1> </refsect1>

22
doc/src/sgml/ref/alter_role.sgml
View File

@ -38,7 +38,7 @@ ALTER ROLE <replaceable class="parameter">role_specification</replaceable> [ WIT
ALTER ROLE <replaceable class="parameter">name</replaceable> RENAME TO <replaceable>new_name</replaceable> ALTER ROLE <replaceable class="parameter">name</replaceable> RENAME TO <replaceable>new_name</replaceable>
ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] SET <replaceable>configuration_parameter</replaceable> { TO | = } { <replaceable>value</replaceable> | DEFAULT } ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] SET <replaceable>configuration_parameter</replaceable> { TO | = } { <replaceable>value</replaceable> | <replaceable>value</replaceable> USER SET | DEFAULT }
ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] SET <replaceable>configuration_parameter</replaceable> FROM CURRENT ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] SET <replaceable>configuration_parameter</replaceable> FROM CURRENT
ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] RESET <replaceable>configuration_parameter</replaceable> ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] RESET <replaceable>configuration_parameter</replaceable>
ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] RESET ALL ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] RESET ALL
@ -234,6 +234,19 @@ ALTER ROLE { <replaceable class="parameter">role_specification</replaceable> | A
</para> </para>
</listitem> </listitem>
</varlistentry> </varlistentry>
<varlistentry id="sql-alterrole-user-set">
<term><literal>USER SET</literal></term>
<listitem>
<para>
Specifies that variable should be set on behalf of ordinary role.
That lets non-superuser and non-replication role to set placeholder
variables, with permission requirements is not known yet;
see <xref linkend="runtime-config-custom"/>. The variable won't
be set if it appears to require superuser privileges.
</para>
</listitem>
</varlistentry>
</variablelist> </variablelist>
</refsect1> </refsect1>
@ -329,6 +342,13 @@ ALTER ROLE worker_bee SET maintenance_work_mem = 100000;
<programlisting> <programlisting>
ALTER ROLE fred IN DATABASE devel SET client_min_messages = DEBUG; ALTER ROLE fred IN DATABASE devel SET client_min_messages = DEBUG;
</programlisting></para>
<para>
Give a role a non-default placeholder setting on behalf of ordinary user:
<programlisting>
ALTER ROLE fred SET my.param = 'value' USER SET;
</programlisting></para> </programlisting></para>
</refsect1> </refsect1>

2
doc/src/sgml/ref/alter_user.sgml
View File

@ -38,7 +38,7 @@ ALTER USER <replaceable class="parameter">role_specification</replaceable> [ WIT
ALTER USER <replaceable class="parameter">name</replaceable> RENAME TO <replaceable>new_name</replaceable> ALTER USER <replaceable class="parameter">name</replaceable> RENAME TO <replaceable>new_name</replaceable>
ALTER USER { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] SET <replaceable>configuration_parameter</replaceable> { TO | = } { <replaceable>value</replaceable> | DEFAULT } ALTER USER { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] SET <replaceable>configuration_parameter</replaceable> { TO | = } { <replaceable>value</replaceable> | <replaceable>value</replaceable> USER SET | DEFAULT }
ALTER USER { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] SET <replaceable>configuration_parameter</replaceable> FROM CURRENT ALTER USER { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] SET <replaceable>configuration_parameter</replaceable> FROM CURRENT
ALTER USER { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] RESET <replaceable>configuration_parameter</replaceable> ALTER USER { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] RESET <replaceable>configuration_parameter</replaceable>
ALTER USER { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] RESET ALL ALTER USER { <replaceable class="parameter">role_specification</replaceable> | ALL } [ IN DATABASE <replaceable class="parameter">database_name</replaceable> ] RESET ALL

7
doc/src/sgml/ref/psql-ref.sgml
View File

@ -1897,6 +1897,13 @@ INSERT INTO tbl1 VALUES ($1, $2) \bind 'first value' 'second value' \g
commands are used to define per-role and per-database configuration commands are used to define per-role and per-database configuration
settings. settings.
</para> </para>
<para>
Since <productname>PostgreSQL</productname> 16 the output includes
column with the values of
<link linkend="sql-alterrole-user-set"><literal>USER SET</literal></link>
flag for each setting.
</para>
</listitem> </listitem>
</varlistentry> </varlistentry>

46
src/backend/catalog/pg_db_role_setting.c
View File

@ -63,14 +63,23 @@ AlterSetting(Oid databaseid, Oid roleid, VariableSetStmt *setstmt)
if (HeapTupleIsValid(tuple)) if (HeapTupleIsValid(tuple))
{ {
ArrayType *new = NULL; ArrayType *new = NULL;
ArrayType *usersetArray;
Datum datum; Datum datum;
Datum usersetDatum;
bool isnull; bool isnull;
bool usersetIsnull;
datum = heap_getattr(tuple, Anum_pg_db_role_setting_setconfig, datum = heap_getattr(tuple, Anum_pg_db_role_setting_setconfig,
RelationGetDescr(rel), &isnull); RelationGetDescr(rel), &isnull);
usersetDatum = heap_getattr(tuple, Anum_pg_db_role_setting_setuser,
RelationGetDescr(rel), &usersetIsnull);
if (!isnull) if (!isnull)
new = GUCArrayReset(DatumGetArrayTypeP(datum)); {
Assert(!usersetIsnull);
usersetArray = DatumGetArrayTypeP(usersetDatum);
new = GUCArrayReset(DatumGetArrayTypeP(datum), &usersetArray);
}
if (new) if (new)
{ {
@ -86,6 +95,11 @@ AlterSetting(Oid databaseid, Oid roleid, VariableSetStmt *setstmt)
repl_repl[Anum_pg_db_role_setting_setconfig - 1] = true; repl_repl[Anum_pg_db_role_setting_setconfig - 1] = true;
repl_null[Anum_pg_db_role_setting_setconfig - 1] = false; repl_null[Anum_pg_db_role_setting_setconfig - 1] = false;
repl_val[Anum_pg_db_role_setting_setuser - 1] =
PointerGetDatum(usersetArray);
repl_repl[Anum_pg_db_role_setting_setuser - 1] = true;
repl_null[Anum_pg_db_role_setting_setuser - 1] = false;
newtuple = heap_modify_tuple(tuple, RelationGetDescr(rel), newtuple = heap_modify_tuple(tuple, RelationGetDescr(rel),
repl_val, repl_null, repl_repl); repl_val, repl_null, repl_repl);
CatalogTupleUpdate(rel, &tuple->t_self, newtuple); CatalogTupleUpdate(rel, &tuple->t_self, newtuple);
@ -101,28 +115,39 @@ AlterSetting(Oid databaseid, Oid roleid, VariableSetStmt *setstmt)
bool repl_repl[Natts_pg_db_role_setting]; bool repl_repl[Natts_pg_db_role_setting];
HeapTuple newtuple; HeapTuple newtuple;
Datum datum; Datum datum;
Datum usersetDatum;
bool isnull; bool isnull;
bool usersetIsnull;
ArrayType *a; ArrayType *a;
ArrayType *usersetArray;
memset(repl_repl, false, sizeof(repl_repl)); memset(repl_repl, false, sizeof(repl_repl));
repl_repl[Anum_pg_db_role_setting_setconfig - 1] = true; repl_repl[Anum_pg_db_role_setting_setconfig - 1] = true;
repl_null[Anum_pg_db_role_setting_setconfig - 1] = false; repl_null[Anum_pg_db_role_setting_setconfig - 1] = false;
repl_repl[Anum_pg_db_role_setting_setuser - 1] = true;
repl_null[Anum_pg_db_role_setting_setuser - 1] = false;
/* Extract old value of setconfig */ /* Extract old values of setconfig and setuser */
datum = heap_getattr(tuple, Anum_pg_db_role_setting_setconfig, datum = heap_getattr(tuple, Anum_pg_db_role_setting_setconfig,
RelationGetDescr(rel), &isnull); RelationGetDescr(rel), &isnull);
a = isnull ? NULL : DatumGetArrayTypeP(datum); a = isnull ? NULL : DatumGetArrayTypeP(datum);
usersetDatum = heap_getattr(tuple, Anum_pg_db_role_setting_setuser,
RelationGetDescr(rel), &usersetIsnull);
usersetArray = usersetIsnull ? NULL : DatumGetArrayTypeP(usersetDatum);
/* Update (valuestr is NULL in RESET cases) */ /* Update (valuestr is NULL in RESET cases) */
if (valuestr) if (valuestr)
a = GUCArrayAdd(a, setstmt->name, valuestr); a = GUCArrayAdd(a, &usersetArray, setstmt->name, valuestr, setstmt->user_set);
else else
a = GUCArrayDelete(a, setstmt->name); a = GUCArrayDelete(a, &usersetArray, setstmt->name);
if (a) if (a)
{ {
repl_val[Anum_pg_db_role_setting_setconfig - 1] = repl_val[Anum_pg_db_role_setting_setconfig - 1] =
PointerGetDatum(a); PointerGetDatum(a);
repl_val[Anum_pg_db_role_setting_setuser - 1] =
PointerGetDatum(usersetArray);
newtuple = heap_modify_tuple(tuple, RelationGetDescr(rel), newtuple = heap_modify_tuple(tuple, RelationGetDescr(rel),
repl_val, repl_null, repl_repl); repl_val, repl_null, repl_repl);
@ -137,16 +162,18 @@ AlterSetting(Oid databaseid, Oid roleid, VariableSetStmt *setstmt)
HeapTuple newtuple; HeapTuple newtuple;
Datum values[Natts_pg_db_role_setting]; Datum values[Natts_pg_db_role_setting];
bool nulls[Natts_pg_db_role_setting]; bool nulls[Natts_pg_db_role_setting];
ArrayType *a; ArrayType *a,
*usersetArray;
memset(nulls, false, sizeof(nulls)); memset(nulls, false, sizeof(nulls));
a = GUCArrayAdd(NULL, setstmt->name, valuestr); a = GUCArrayAdd(NULL, &usersetArray, setstmt->name, valuestr, setstmt->user_set);
values[Anum_pg_db_role_setting_setdatabase - 1] = values[Anum_pg_db_role_setting_setdatabase - 1] =
ObjectIdGetDatum(databaseid); ObjectIdGetDatum(databaseid);
values[Anum_pg_db_role_setting_setrole - 1] = ObjectIdGetDatum(roleid); values[Anum_pg_db_role_setting_setrole - 1] = ObjectIdGetDatum(roleid);
values[Anum_pg_db_role_setting_setconfig - 1] = PointerGetDatum(a); values[Anum_pg_db_role_setting_setconfig - 1] = PointerGetDatum(a);
values[Anum_pg_db_role_setting_setuser - 1] = PointerGetDatum(usersetArray);
newtuple = heap_form_tuple(RelationGetDescr(rel), values, nulls); newtuple = heap_form_tuple(RelationGetDescr(rel), values, nulls);
CatalogTupleInsert(rel, newtuple); CatalogTupleInsert(rel, newtuple);
@ -240,20 +267,25 @@ ApplySetting(Snapshot snapshot, Oid databaseid, Oid roleid,
while (HeapTupleIsValid(tup = systable_getnext(scan))) while (HeapTupleIsValid(tup = systable_getnext(scan)))
{ {
bool isnull; bool isnull;
bool usersetIsnull;
Datum datum; Datum datum;
Datum usersetDatum;
datum = heap_getattr(tup, Anum_pg_db_role_setting_setconfig, datum = heap_getattr(tup, Anum_pg_db_role_setting_setconfig,
RelationGetDescr(relsetting), &isnull); RelationGetDescr(relsetting), &isnull);
usersetDatum = heap_getattr(tup, Anum_pg_db_role_setting_setuser,
RelationGetDescr(relsetting), &usersetIsnull);
if (!isnull) if (!isnull)
{ {
ArrayType *a = DatumGetArrayTypeP(datum); ArrayType *a = DatumGetArrayTypeP(datum);
ArrayType *usersetArray = DatumGetArrayTypeP(usersetDatum);
/* /*
* We process all the options at SUSET level. We assume that the * We process all the options at SUSET level. We assume that the
* right to insert an option into pg_db_role_setting was checked * right to insert an option into pg_db_role_setting was checked
* when it was inserted. * when it was inserted.
*/ */
ProcessGUCArray(a, PGC_SUSET, source, GUC_ACTION_SET); ProcessGUCArray(a, usersetArray, PGC_SUSET, source, GUC_ACTION_SET);
} }
} }

1
src/backend/catalog/pg_proc.c
View File

@ -698,6 +698,7 @@ ProcedureCreate(const char *procedureName,
{ {
save_nestlevel = NewGUCNestLevel(); save_nestlevel = NewGUCNestLevel();
ProcessGUCArray(set_items, ProcessGUCArray(set_items,
NULL,
(superuser() ? PGC_SUSET : PGC_USERSET), (superuser() ? PGC_SUSET : PGC_USERSET),
PGC_S_SESSION, PGC_S_SESSION,
GUC_ACTION_SAVE); GUC_ACTION_SAVE);

4
src/backend/commands/functioncmds.c
View File

@ -662,9 +662,9 @@ update_proconfig_value(ArrayType *a, List *set_items)
char *valuestr = ExtractSetVariableArgs(sstmt); char *valuestr = ExtractSetVariableArgs(sstmt);
if (valuestr) if (valuestr)
a = GUCArrayAdd(a, sstmt->name, valuestr); a = GUCArrayAdd(a, NULL, sstmt->name, valuestr, sstmt->user_set);
else /* RESET */ else /* RESET */
a = GUCArrayDelete(a, sstmt->name); a = GUCArrayDelete(a, NULL, sstmt->name);
} }
} }

20
src/backend/parser/gram.y
View File

@ -1621,6 +1621,26 @@ generic_set:
n->args = $3; n->args = $3;
$$ = n; $$ = n;
} }
| var_name TO var_list USER SET
{
VariableSetStmt *n = makeNode(VariableSetStmt);
n->kind = VAR_SET_VALUE;
n->name = $1;
n->args = $3;
n->user_set = true;
$$ = n;
}
| var_name '=' var_list USER SET
{
VariableSetStmt *n = makeNode(VariableSetStmt);
n->kind = VAR_SET_VALUE;
n->name = $1;
n->args = $3;
n->user_set = true;
$$ = n;
}
| var_name TO DEFAULT | var_name TO DEFAULT
{ {
VariableSetStmt *n = makeNode(VariableSetStmt); VariableSetStmt *n = makeNode(VariableSetStmt);

1
src/backend/utils/adt/arrayfuncs.c
View File

@ -3344,6 +3344,7 @@ construct_array_builtin(Datum *elems, int nelems, Oid elmtype)
switch (elmtype) switch (elmtype)
{ {
case CHAROID: case CHAROID:
case BOOLOID:
elmlen = 1; elmlen = 1;
elmbyval = true; elmbyval = true;
elmalign = TYPALIGN_CHAR; elmalign = TYPALIGN_CHAR;

1
src/backend/utils/fmgr/fmgr.c
View File

@ -706,6 +706,7 @@ fmgr_security_definer(PG_FUNCTION_ARGS)
if (fcache->proconfig) if (fcache->proconfig)
{ {
ProcessGUCArray(fcache->proconfig, ProcessGUCArray(fcache->proconfig,
NULL,
(superuser() ? PGC_SUSET : PGC_USERSET), (superuser() ? PGC_SUSET : PGC_USERSET),
PGC_S_SESSION, PGC_S_SESSION,
GUC_ACTION_SAVE); GUC_ACTION_SAVE);

161
src/backend/utils/misc/guc.c
View File

@ -225,7 +225,6 @@ static bool reporting_enabled; /* true to enable GUC_REPORT */
static int GUCNestLevel = 0; /* 1 when in main transaction */ static int GUCNestLevel = 0; /* 1 when in main transaction */
static int guc_var_compare(const void *a, const void *b); static int guc_var_compare(const void *a, const void *b);
static uint32 guc_name_hash(const void *key, Size keysize); static uint32 guc_name_hash(const void *key, Size keysize);
static int guc_name_match(const void *key1, const void *key2, Size keysize); static int guc_name_match(const void *key1, const void *key2, Size keysize);
@ -245,7 +244,7 @@ static void reapply_stacked_values(struct config_generic *variable,
GucContext curscontext, GucSource cursource, GucContext curscontext, GucSource cursource,
Oid cursrole); Oid cursrole);
static bool validate_option_array_item(const char *name, const char *value, static bool validate_option_array_item(const char *name, const char *value,
bool skipIfNoPermissions); bool user_set, bool skipIfNoPermissions);
static void write_auto_conf_file(int fd, const char *filename, ConfigVariable *head); static void write_auto_conf_file(int fd, const char *filename, ConfigVariable *head);
static void replace_auto_config_value(ConfigVariable **head_p, ConfigVariable **tail_p, static void replace_auto_config_value(ConfigVariable **head_p, ConfigVariable **tail_p,
const char *name, const char *value); const char *name, const char *value);
@ -6182,7 +6181,6 @@ ParseLongOption(const char *string, char **name, char **value)
{ {
*name = palloc(equal_pos + 1); *name = palloc(equal_pos + 1);
strlcpy(*name, string, equal_pos + 1); strlcpy(*name, string, equal_pos + 1);
*value = pstrdup(&string[equal_pos + 1]); *value = pstrdup(&string[equal_pos + 1]);
} }
else else
@ -6205,7 +6203,7 @@ ParseLongOption(const char *string, char **name, char **value)
* The array parameter must be an array of TEXT (it must not be NULL). * The array parameter must be an array of TEXT (it must not be NULL).
*/ */
void void
ProcessGUCArray(ArrayType *array, ProcessGUCArray(ArrayType *array, ArrayType *usersetArray,
GucContext context, GucSource source, GucAction action) GucContext context, GucSource source, GucAction action)
{ {
int i; int i;
@ -6218,6 +6216,7 @@ ProcessGUCArray(ArrayType *array,
for (i = 1; i <= ARR_DIMS(array)[0]; i++) for (i = 1; i <= ARR_DIMS(array)[0]; i++)
{ {
Datum d; Datum d;
Datum userSetDatum = BoolGetDatum(false);
bool isnull; bool isnull;
char *s; char *s;
char *name; char *name;
@ -6246,9 +6245,29 @@ ProcessGUCArray(ArrayType *array,
continue; continue;
} }
(void) set_config_option(name, value, if (usersetArray)
context, source, userSetDatum = array_ref(usersetArray, 1, &i,
action, true, 0, false); -1 /* varlenarray */ ,
sizeof(bool) /* BOOL's typlen */ ,
true /* BOOL's typbyval */ ,
TYPALIGN_CHAR /* BOOL's typalign */ ,
&isnull);
if (isnull)
userSetDatum = BoolGetDatum(false);
/*
* USER SET values are appliciable only for PGC_USERSET parameters. We
* use InvalidOid as role in order to evade possible privileges of the
* current user.
*/
if (!DatumGetBool(userSetDatum))
(void) set_config_option(name, value,
context, source,
action, true, 0, false);
else
(void) set_config_option_ext(name, value,
PGC_USERSET, source, InvalidOid,
action, true, 0, false);
pfree(name); pfree(name);
pfree(value); pfree(value);
@ -6262,7 +6281,8 @@ ProcessGUCArray(ArrayType *array,
* to indicate the current table entry is NULL. * to indicate the current table entry is NULL.
*/ */
ArrayType * ArrayType *
GUCArrayAdd(ArrayType *array, const char *name, const char *value) GUCArrayAdd(ArrayType *array, ArrayType **usersetArray,
const char *name, const char *value, bool user_set)
{ {
struct config_generic *record; struct config_generic *record;
Datum datum; Datum datum;
@ -6273,7 +6293,7 @@ GUCArrayAdd(ArrayType *array, const char *name, const char *value)
Assert(value); Assert(value);
/* test if the option is valid and we're allowed to set it */ /* test if the option is valid and we're allowed to set it */
(void) validate_option_array_item(name, value, false); (void) validate_option_array_item(name, value, user_set, false);
/* normalize name (converts obsolete GUC names to modern spellings) */ /* normalize name (converts obsolete GUC names to modern spellings) */
record = find_option(name, false, true, WARNING); record = find_option(name, false, true, WARNING);
@ -6314,6 +6334,27 @@ GUCArrayAdd(ArrayType *array, const char *name, const char *value)
/* check for match up through and including '=' */ /* check for match up through and including '=' */
if (strncmp(current, newval, strlen(name) + 1) == 0) if (strncmp(current, newval, strlen(name) + 1) == 0)
{ {
bool currentUserSet = false;
if (usersetArray)
{
currentUserSet = DatumGetBool(array_ref(*usersetArray, 1, &i,
-1 /* varlenarray */ ,
sizeof(bool) /* BOOL's typlen */ ,
true /* BOOL's typbyval */ ,
TYPALIGN_CHAR /* BOOL's typalign */ ,
&isnull));
if (isnull)
currentUserSet = false;
}
/*
* Recheck permissons if we found an option without USER SET
* flag while we're setting an optionn with USER SET flag.
*/
if (!currentUserSet && user_set)
(void) validate_option_array_item(name, value,
false, false);
index = i; index = i;
break; break;
} }
@ -6326,9 +6367,25 @@ GUCArrayAdd(ArrayType *array, const char *name, const char *value)
-1 /* TEXT's typlen */ , -1 /* TEXT's typlen */ ,
false /* TEXT's typbyval */ , false /* TEXT's typbyval */ ,
TYPALIGN_INT /* TEXT's typalign */ ); TYPALIGN_INT /* TEXT's typalign */ );
if (usersetArray)
*usersetArray = array_set(*usersetArray, 1, &index,
BoolGetDatum(user_set),
false,
-1 /* varlena array */ ,
sizeof(bool) /* BOOL's typlen */ ,
true /* BOOL's typbyval */ ,
TYPALIGN_CHAR /* BOOL's typalign */ );
} }
else else
{
a = construct_array_builtin(&datum, 1, TEXTOID); a = construct_array_builtin(&datum, 1, TEXTOID);
if (usersetArray)
{
datum = BoolGetDatum(user_set);
*usersetArray = construct_array_builtin(&datum, 1, BOOLOID);
}
}
return a; return a;
} }
@ -6340,18 +6397,16 @@ GUCArrayAdd(ArrayType *array, const char *name, const char *value)
* is NULL then a null should be stored. * is NULL then a null should be stored.
*/ */
ArrayType * ArrayType *
GUCArrayDelete(ArrayType *array, const char *name) GUCArrayDelete(ArrayType *array, ArrayType **usersetArray, const char *name)
{ {
struct config_generic *record; struct config_generic *record;
ArrayType *newarray; ArrayType *newarray;
ArrayType *newUsersetArray;
int i; int i;
int index; int index;
Assert(name); Assert(name);
/* test if the option is valid and we're allowed to set it */
(void) validate_option_array_item(name, NULL, false);
/* normalize name (converts obsolete GUC names to modern spellings) */ /* normalize name (converts obsolete GUC names to modern spellings) */
record = find_option(name, false, true, WARNING); record = find_option(name, false, true, WARNING);
if (record) if (record)
@ -6362,11 +6417,13 @@ GUCArrayDelete(ArrayType *array, const char *name)
return NULL; return NULL;
newarray = NULL; newarray = NULL;
newUsersetArray = NULL;
index = 1; index = 1;
for (i = 1; i <= ARR_DIMS(array)[0]; i++) for (i = 1; i <= ARR_DIMS(array)[0]; i++)
{ {
Datum d; Datum d;
Datum userSetDatum = BoolGetDatum(false);
char *val; char *val;
bool isnull; bool isnull;
@ -6380,13 +6437,29 @@ GUCArrayDelete(ArrayType *array, const char *name)
continue; continue;
val = TextDatumGetCString(d); val = TextDatumGetCString(d);
if (usersetArray)
userSetDatum = array_ref(*usersetArray, 1, &i,
-1 /* varlenarray */ ,
sizeof(bool) /* BOOL's typlen */ ,
true /* BOOL's typbyval */ ,
TYPALIGN_CHAR /* BOOL's typalign */ ,
&isnull);
if (isnull)
userSetDatum = BoolGetDatum(false);
/* ignore entry if it's what we want to delete */ /* ignore entry if it's what we want to delete */
if (strncmp(val, name, strlen(name)) == 0 if (strncmp(val, name, strlen(name)) == 0
&& val[strlen(name)] == '=') && val[strlen(name)] == '=')
{
/* test if the option is valid and we're allowed to set it */
(void) validate_option_array_item(name, NULL,
DatumGetBool(userSetDatum), false);
continue; continue;
}
/* else add it to the output array */ /* else add it to the output array */
if (newarray) if (newarray)
{
newarray = array_set(newarray, 1, &index, newarray = array_set(newarray, 1, &index,
d, d,
false, false,
@ -6394,12 +6467,28 @@ GUCArrayDelete(ArrayType *array, const char *name)
-1 /* TEXT's typlen */ , -1 /* TEXT's typlen */ ,
false /* TEXT's typbyval */ , false /* TEXT's typbyval */ ,
TYPALIGN_INT /* TEXT's typalign */ ); TYPALIGN_INT /* TEXT's typalign */ );
if (usersetArray)
newUsersetArray = array_set(newUsersetArray, 1, &index,
userSetDatum,
false,
-1 /* varlena array */ ,
sizeof(bool) /* BOOL's typlen */ ,
true /* BOOL's typbyval */ ,
TYPALIGN_CHAR /* BOOL's typalign */ );
}
else else
{
newarray = construct_array_builtin(&d, 1, TEXTOID); newarray = construct_array_builtin(&d, 1, TEXTOID);
if (usersetArray)
newUsersetArray = construct_array_builtin(&d, 1, BOOLOID);
}
index++; index++;
} }
if (usersetArray)
*usersetArray = newUsersetArray;
return newarray; return newarray;
} }
@ -6410,9 +6499,10 @@ GUCArrayDelete(ArrayType *array, const char *name)
* those that are PGC_USERSET or we have permission to set * those that are PGC_USERSET or we have permission to set
*/ */
ArrayType * ArrayType *
GUCArrayReset(ArrayType *array) GUCArrayReset(ArrayType *array, ArrayType **usersetArray)
{ {
ArrayType *newarray; ArrayType *newarray;
ArrayType *newUsersetArray;
int i; int i;
int index; int index;
@ -6425,11 +6515,13 @@ GUCArrayReset(ArrayType *array)
return NULL; return NULL;
newarray = NULL; newarray = NULL;
newUsersetArray = NULL;
index = 1; index = 1;
for (i = 1; i <= ARR_DIMS(array)[0]; i++) for (i = 1; i <= ARR_DIMS(array)[0]; i++)
{ {
Datum d; Datum d;
Datum userSetDatum = BoolGetDatum(false);
char *val; char *val;
char *eqsgn; char *eqsgn;
bool isnull; bool isnull;
@ -6444,15 +6536,27 @@ GUCArrayReset(ArrayType *array)
continue; continue;
val = TextDatumGetCString(d); val = TextDatumGetCString(d);
if (usersetArray)
userSetDatum = array_ref(*usersetArray, 1, &i,
-1 /* varlenarray */ ,
sizeof(bool) /* BOOL's typlen */ ,
true /* BOOL's typbyval */ ,
TYPALIGN_CHAR /* BOOL's typalign */ ,
&isnull);
if (isnull)
userSetDatum = BoolGetDatum(false);
eqsgn = strchr(val, '='); eqsgn = strchr(val, '=');
*eqsgn = '\0'; *eqsgn = '\0';
/* skip if we have permission to delete it */ /* skip if we have permission to delete it */
if (validate_option_array_item(val, NULL, true)) if (validate_option_array_item(val, NULL,
DatumGetBool(userSetDatum), true))
continue; continue;
/* else add it to the output array */ /* else add it to the output array */
if (newarray) if (newarray)
{
newarray = array_set(newarray, 1, &index, newarray = array_set(newarray, 1, &index,
d, d,
false, false,
@ -6460,13 +6564,29 @@ GUCArrayReset(ArrayType *array)
-1 /* TEXT's typlen */ , -1 /* TEXT's typlen */ ,
false /* TEXT's typbyval */ , false /* TEXT's typbyval */ ,
TYPALIGN_INT /* TEXT's typalign */ ); TYPALIGN_INT /* TEXT's typalign */ );
if (usersetArray)
newUsersetArray = array_set(newUsersetArray, 1, &index,
userSetDatum,
false,
-1 /* varlena array */ ,
sizeof(bool) /* BOOL's typlen */ ,
true /* BOOL's typbyval */ ,
TYPALIGN_CHAR /* BOOL's typalign */ );
}
else else
{
newarray = construct_array_builtin(&d, 1, TEXTOID); newarray = construct_array_builtin(&d, 1, TEXTOID);
if (usersetArray)
newUsersetArray = construct_array_builtin(&userSetDatum, 1, BOOLOID);
}
index++; index++;
pfree(val); pfree(val);
} }
if (usersetArray)
*usersetArray = newUsersetArray;
return newarray; return newarray;
} }
@ -6474,15 +6594,16 @@ GUCArrayReset(ArrayType *array)
* Validate a proposed option setting for GUCArrayAdd/Delete/Reset. * Validate a proposed option setting for GUCArrayAdd/Delete/Reset.
* *
* name is the option name. value is the proposed value for the Add case, * name is the option name. value is the proposed value for the Add case,
* or NULL for the Delete/Reset cases. If skipIfNoPermissions is true, it's * or NULL for the Delete/Reset cases. user_set indicates this is the USER SET
* not an error to have no permissions to set the option. * option. If skipIfNoPermissions is true, it's not an error to have no
* permissions to set the option.
* *
* Returns true if OK, false if skipIfNoPermissions is true and user does not * Returns true if OK, false if skipIfNoPermissions is true and user does not
* have permission to change this option (all other error cases result in an * have permission to change this option (all other error cases result in an
* error being thrown). * error being thrown).
*/ */
static bool static bool
validate_option_array_item(const char *name, const char *value, validate_option_array_item(const char *name, const char *value, bool user_set,
bool skipIfNoPermissions) bool skipIfNoPermissions)
{ {
@ -6518,8 +6639,10 @@ validate_option_array_item(const char *name, const char *value,
{ {
/* /*
* We cannot do any meaningful check on the value, so only permissions * We cannot do any meaningful check on the value, so only permissions
* are useful to check. * are useful to check. USER SET options are always allowed.
*/ */
if (user_set)
return true;
if (superuser() || if (superuser() ||
pg_parameter_aclcheck(name, GetUserId(), ACL_SET) == ACLCHECK_OK) pg_parameter_aclcheck(name, GetUserId(), ACL_SET) == ACLCHECK_OK)
return true; return true;

12
src/backend/utils/misc/guc_funcs.c
View File

@ -166,12 +166,22 @@ ExecSetVariableStmt(VariableSetStmt *stmt, bool isTopLevel)
char * char *
ExtractSetVariableArgs(VariableSetStmt *stmt) ExtractSetVariableArgs(VariableSetStmt *stmt)
{ {
switch (stmt->kind) switch (stmt->kind)
{ {
case VAR_SET_VALUE: case VAR_SET_VALUE:
return flatten_set_variable_args(stmt->name, stmt->args); return flatten_set_variable_args(stmt->name, stmt->args);
case VAR_SET_CURRENT: case VAR_SET_CURRENT:
return GetConfigOptionByName(stmt->name, NULL, false); {
struct config_generic *record;
char *result;
result = GetConfigOptionByName(stmt->name, NULL, false);
record = find_option(stmt->name, false, false, ERROR);
stmt->user_set = (record->scontext == PGC_USERSET);
return result;
}
default: default:
return NULL; return NULL;
} }

5
src/bin/pg_dump/dumputils.c
View File

@ -816,6 +816,7 @@ SplitGUCList(char *rawstring, char separator,
*/ */
void void
makeAlterConfigCommand(PGconn *conn, const char *configitem, makeAlterConfigCommand(PGconn *conn, const char *configitem,
const char *userset,
const char *type, const char *name, const char *type, const char *name,
const char *type2, const char *name2, const char *type2, const char *name2,
PQExpBuffer buf) PQExpBuffer buf)
@ -874,6 +875,10 @@ makeAlterConfigCommand(PGconn *conn, const char *configitem,
else else
appendStringLiteralConn(buf, pos, conn); appendStringLiteralConn(buf, pos, conn);
/* Add USER SET flag if specified in the string */
if (userset && !strcmp(userset, "t"))
appendPQExpBufferStr(buf, " USER SET");
appendPQExpBufferStr(buf, ";\n"); appendPQExpBufferStr(buf, ";\n");
pg_free(mine); pg_free(mine);

1
src/bin/pg_dump/dumputils.h
View File

@ -59,6 +59,7 @@ extern bool SplitGUCList(char *rawstring, char separator,
char ***namelist); char ***namelist);
extern void makeAlterConfigCommand(PGconn *conn, const char *configitem, extern void makeAlterConfigCommand(PGconn *conn, const char *configitem,
const char *userset,
const char *type, const char *name, const char *type, const char *name,
const char *type2, const char *name2, const char *type2, const char *name2,
PQExpBuffer buf); PQExpBuffer buf);

27
src/bin/pg_dump/pg_dump.c
View File

@ -3270,32 +3270,49 @@ dumpDatabaseConfig(Archive *AH, PQExpBuffer outbuf,
PGresult *res; PGresult *res;
/* First collect database-specific options */ /* First collect database-specific options */
printfPQExpBuffer(buf, "SELECT unnest(setconfig) FROM pg_db_role_setting " printfPQExpBuffer(buf, "SELECT unnest(setconfig)");
if (AH->remoteVersion >= 160000)
appendPQExpBufferStr(buf, ", unnest(setuser)");
appendPQExpBuffer(buf, " FROM pg_db_role_setting "
"WHERE setrole = 0 AND setdatabase = '%u'::oid", "WHERE setrole = 0 AND setdatabase = '%u'::oid",
dboid); dboid);
res = ExecuteSqlQuery(AH, buf->data, PGRES_TUPLES_OK); res = ExecuteSqlQuery(AH, buf->data, PGRES_TUPLES_OK);
for (int i = 0; i < PQntuples(res); i++) for (int i = 0; i < PQntuples(res); i++)
makeAlterConfigCommand(conn, PQgetvalue(res, i, 0), {
char *userset = NULL;
if (AH->remoteVersion >= 160000)
userset = PQgetvalue(res, i, 1);
makeAlterConfigCommand(conn, PQgetvalue(res, i, 0), userset,
"DATABASE", dbname, NULL, NULL, "DATABASE", dbname, NULL, NULL,
outbuf); outbuf);
}
PQclear(res); PQclear(res);
/* Now look for role-and-database-specific options */ /* Now look for role-and-database-specific options */
printfPQExpBuffer(buf, "SELECT rolname, unnest(setconfig) " printfPQExpBuffer(buf, "SELECT rolname, unnest(setconfig)");
"FROM pg_db_role_setting s, pg_roles r " if (AH->remoteVersion >= 160000)
appendPQExpBufferStr(buf, ", unnest(setuser)");
appendPQExpBuffer(buf, " FROM pg_db_role_setting s, pg_roles r "
"WHERE setrole = r.oid AND setdatabase = '%u'::oid", "WHERE setrole = r.oid AND setdatabase = '%u'::oid",
dboid); dboid);
res = ExecuteSqlQuery(AH, buf->data, PGRES_TUPLES_OK); res = ExecuteSqlQuery(AH, buf->data, PGRES_TUPLES_OK);
for (int i = 0; i < PQntuples(res); i++) for (int i = 0; i < PQntuples(res); i++)
makeAlterConfigCommand(conn, PQgetvalue(res, i, 1), {
char *userset = NULL;
if (AH->remoteVersion >= 160000)
userset = PQgetvalue(res, i, 2);
makeAlterConfigCommand(conn, PQgetvalue(res, i, 1), userset,
"ROLE", PQgetvalue(res, i, 0), "ROLE", PQgetvalue(res, i, 0),
"DATABASE", dbname, "DATABASE", dbname,
outbuf); outbuf);
}
PQclear(res); PQclear(res);

12
src/bin/pg_dump/pg_dumpall.c
View File

@ -1384,7 +1384,10 @@ dumpUserConfig(PGconn *conn, const char *username)
PQExpBuffer buf = createPQExpBuffer(); PQExpBuffer buf = createPQExpBuffer();
PGresult *res; PGresult *res;
printfPQExpBuffer(buf, "SELECT unnest(setconfig) FROM pg_db_role_setting " printfPQExpBuffer(buf, "SELECT unnest(setconfig)");
if (server_version >= 160000)
appendPQExpBufferStr(buf, ", unnest(setuser)");
appendPQExpBuffer(buf, " FROM pg_db_role_setting "
"WHERE setdatabase = 0 AND setrole = " "WHERE setdatabase = 0 AND setrole = "
"(SELECT oid FROM %s WHERE rolname = ", "(SELECT oid FROM %s WHERE rolname = ",
role_catalog); role_catalog);
@ -1398,8 +1401,13 @@ dumpUserConfig(PGconn *conn, const char *username)
for (int i = 0; i < PQntuples(res); i++) for (int i = 0; i < PQntuples(res); i++)
{ {
char *userset = NULL;
if (server_version >= 160000)
userset = PQgetvalue(res, i, 1);
resetPQExpBuffer(buf); resetPQExpBuffer(buf);
makeAlterConfigCommand(conn, PQgetvalue(res, i, 0), makeAlterConfigCommand(conn, PQgetvalue(res, i, 0), userset,
"ROLE", username, NULL, NULL, "ROLE", username, NULL, NULL,
buf); buf);
fprintf(OPF, "%s", buf->data); fprintf(OPF, "%s", buf->data);

11
src/bin/psql/describe.c
View File

@ -3769,13 +3769,16 @@ listDbRoleSettings(const char *pattern, const char *pattern2)
initPQExpBuffer(&buf); initPQExpBuffer(&buf);
printfPQExpBuffer(&buf, "SELECT rolname AS \"%s\", datname AS \"%s\",\n" printfPQExpBuffer(&buf, "SELECT rolname AS \"%s\", datname AS \"%s\",\n"
"pg_catalog.array_to_string(setconfig, E'\\n') AS \"%s\"\n" "pg_catalog.array_to_string(setconfig, E'\\n') AS \"%s\"",
"FROM pg_catalog.pg_db_role_setting s\n"
"LEFT JOIN pg_catalog.pg_database d ON d.oid = setdatabase\n"
"LEFT JOIN pg_catalog.pg_roles r ON r.oid = setrole\n",
gettext_noop("Role"), gettext_noop("Role"),
gettext_noop("Database"), gettext_noop("Database"),
gettext_noop("Settings")); gettext_noop("Settings"));
if (pset.sversion >= 160000)
appendPQExpBuffer(&buf, ",\npg_catalog.array_to_string(setuser, E'\\n') AS \"%s\"",
gettext_noop("User set"));
appendPQExpBuffer(&buf, "\nFROM pg_catalog.pg_db_role_setting s\n"
"LEFT JOIN pg_catalog.pg_database d ON d.oid = setdatabase\n"
"LEFT JOIN pg_catalog.pg_roles r ON r.oid = setrole\n");
if (!validateSQLNamePattern(&buf, pattern, false, false, if (!validateSQLNamePattern(&buf, pattern, false, false,
NULL, "r.rolname", NULL, NULL, &havewhere, 1)) NULL, "r.rolname", NULL, NULL, &havewhere, 1))
goto error_return; goto error_return;

4
src/bin/psql/tab-complete.c
View File

@ -4442,6 +4442,10 @@ psql_completion(const char *text, int start, int end)
} }
} }
} }
/* Complete ALTER DATABASE|ROLE|USER ... SET ... TO ... USER SET */
else if (HeadMatches("ALTER", "DATABASE|ROLE|USER") &&
TailMatches("SET", MatchAny, "TO|=", MatchAny))
COMPLETE_WITH("USER SET");
/* START TRANSACTION */ /* START TRANSACTION */
else if (Matches("START")) else if (Matches("START"))

2
src/include/catalog/catversion.h
View File

@ -57,6 +57,6 @@
*/ */
/* yyyymmddN */ /* yyyymmddN */
#define CATALOG_VERSION_NO 202212061 #define CATALOG_VERSION_NO 202212091
#endif #endif

2
src/include/catalog/pg_db_role_setting.h
View File

@ -41,6 +41,8 @@ CATALOG(pg_db_role_setting,2964,DbRoleSettingRelationId) BKI_SHARED_RELATION
#ifdef CATALOG_VARLEN /* variable-length fields start here */ #ifdef CATALOG_VARLEN /* variable-length fields start here */
text setconfig[1]; /* GUC settings to apply at login */ text setconfig[1]; /* GUC settings to apply at login */
bool setuser[1]; /* USER SET flags for GUC settings */
#endif #endif
} FormData_pg_db_role_setting; } FormData_pg_db_role_setting;

1
src/include/nodes/parsenodes.h
View File

@ -2257,6 +2257,7 @@ typedef struct VariableSetStmt
char *name; /* variable to be set */ char *name; /* variable to be set */
List *args; /* List of A_Const nodes */ List *args; /* List of A_Const nodes */
bool is_local; /* SET LOCAL? */ bool is_local; /* SET LOCAL? */
bool user_set;
} VariableSetStmt; } VariableSetStmt;
/* ---------------------- /* ----------------------

11
src/include/utils/guc.h
View File

@ -391,11 +391,14 @@ extern void AlterSystemSetConfigFile(AlterSystemStmt *altersysstmt);
extern char *GetConfigOptionByName(const char *name, const char **varname, extern char *GetConfigOptionByName(const char *name, const char **varname,
bool missing_ok); bool missing_ok);
extern void ProcessGUCArray(ArrayType *array, extern void ProcessGUCArray(ArrayType *array, ArrayType *usersetArray,
GucContext context, GucSource source, GucAction action); GucContext context, GucSource source, GucAction action);
extern ArrayType *GUCArrayAdd(ArrayType *array, const char *name, const char *value); extern ArrayType *GUCArrayAdd(ArrayType *array, ArrayType **usersetArray,
extern ArrayType *GUCArrayDelete(ArrayType *array, const char *name); const char *name, const char *value,
extern ArrayType *GUCArrayReset(ArrayType *array); bool user_set);
extern ArrayType *GUCArrayDelete(ArrayType *array, ArrayType **usersetArray,
const char *name);
extern ArrayType *GUCArrayReset(ArrayType *array, ArrayType **usersetArray);
extern void *guc_malloc(int elevel, size_t size); extern void *guc_malloc(int elevel, size_t size);
extern pg_nodiscard void *guc_realloc(int elevel, void *old, size_t size); extern pg_nodiscard void *guc_realloc(int elevel, void *old, size_t size);

1
src/test/modules/Makefile
View File

@ -25,6 +25,7 @@ SUBDIRS = \
test_misc \ test_misc \
test_oat_hooks \ test_oat_hooks \
test_parser \ test_parser \
test_pg_db_role_setting \
test_pg_dump \ test_pg_dump \
test_predtest \ test_predtest \
test_rbtree \ test_rbtree \

1
src/test/modules/meson.build
View File

@ -19,6 +19,7 @@ subdir('test_lfind')
subdir('test_misc') subdir('test_misc')
subdir('test_oat_hooks') subdir('test_oat_hooks')
subdir('test_parser') subdir('test_parser')
subdir('test_pg_db_role_setting')
subdir('test_pg_dump') subdir('test_pg_dump')
subdir('test_predtest') subdir('test_predtest')
subdir('test_rbtree') subdir('test_rbtree')

4
src/test/modules/test_pg_db_role_setting/.gitignore vendored Normal file
View File

@ -0,0 +1,4 @@
# Generated subdirectories
/log/
/results/
/tmp_check/

29
src/test/modules/test_pg_db_role_setting/Makefile Normal file
View File

@ -0,0 +1,29 @@
# src/test/modules/test_pg_db_role_setting/Makefile
MODULE_big = test_pg_db_role_setting
OBJS = \
$(WIN32RES) \
test_pg_db_role_setting.o
EXTENSION = test_pg_db_role_setting
DATA = test_pg_db_role_setting--1.0.sql
PGFILEDESC = "test_pg_db_role_setting - tests for default GUC values stored in pg_db_role_settings"
REGRESS = test_pg_db_role_setting
# disable installcheck for now
NO_INSTALLCHECK = 1
# and also for now force NO_LOCALE and UTF8
ENCODING = UTF8
NO_LOCALE = 1
ifdef USE_PGXS
PG_CONFIG = pg_config
PGXS := $(shell $(PG_CONFIG) --pgxs)
include $(PGXS)
else
subdir = src/test/modules/test_pg_db_role_setting
top_builddir = ../../../..
include $(top_builddir)/src/Makefile.global
include $(top_srcdir)/contrib/contrib-global.mk
endif

143
src/test/modules/test_pg_db_role_setting/expected/test_pg_db_role_setting.out Normal file
View File

@ -0,0 +1,143 @@
CREATE EXTENSION test_pg_db_role_setting;
CREATE USER super_user SUPERUSER;
CREATE USER regular_user;
\c - regular_user
-- successfully set a placeholder value
SET test_pg_db_role_setting.superuser_param = 'aaa';
-- module is loaded, the placeholder value is thrown away
SELECT load_test_pg_db_role_setting();
WARNING: permission denied to set parameter "test_pg_db_role_setting.superuser_param"
load_test_pg_db_role_setting
------------------------------
(1 row)
SHOW test_pg_db_role_setting.superuser_param;
test_pg_db_role_setting.superuser_param
-----------------------------------------
superuser_param_value
(1 row)
SHOW test_pg_db_role_setting.user_param;
test_pg_db_role_setting.user_param
------------------------------------
user_param_value
(1 row)
\c - regular_user
-- fail, not privileges
ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'aaa';
ERROR: permission denied to set parameter "test_pg_db_role_setting.superuser_param"
ALTER ROLE regular_user SET test_pg_db_role_setting.user_param = 'bbb';
ERROR: permission denied to set parameter "test_pg_db_role_setting.user_param"
-- success for USER SET parameters
ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'aaa' USER SET;
ALTER ROLE regular_user SET test_pg_db_role_setting.user_param = 'bbb' USER SET;
\drds regular_user
List of settings
Role | Database | Settings | User set
--------------+----------+---------------------------------------------+----------
regular_user | | test_pg_db_role_setting.superuser_param=aaa+| t +
| | test_pg_db_role_setting.user_param=bbb | t
(1 row)
\c - regular_user
-- successfully set placeholders
SHOW test_pg_db_role_setting.superuser_param;
test_pg_db_role_setting.superuser_param
-----------------------------------------
aaa
(1 row)
SHOW test_pg_db_role_setting.user_param;
test_pg_db_role_setting.user_param
------------------------------------
bbb
(1 row)
-- module is loaded, the placeholder value of superuser param is thrown away
SELECT load_test_pg_db_role_setting();
WARNING: permission denied to set parameter "test_pg_db_role_setting.superuser_param"
load_test_pg_db_role_setting
------------------------------
(1 row)
SHOW test_pg_db_role_setting.superuser_param;
test_pg_db_role_setting.superuser_param
-----------------------------------------
superuser_param_value
(1 row)
SHOW test_pg_db_role_setting.user_param;
test_pg_db_role_setting.user_param
------------------------------------
bbb
(1 row)
\c - super_user
ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'aaa';
\drds regular_user
List of settings
Role | Database | Settings | User set
--------------+----------+---------------------------------------------+----------
regular_user | | test_pg_db_role_setting.superuser_param=aaa+| f +
| | test_pg_db_role_setting.user_param=bbb | t
(1 row)
\c - regular_user
-- don't have a priviledge to change superuser value to user set one
ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'ccc' USER SET;
ERROR: permission denied to set parameter "test_pg_db_role_setting.superuser_param"
\c - super_user
SELECT load_test_pg_db_role_setting();
load_test_pg_db_role_setting
------------------------------
(1 row)
-- give the privilege to set SUSET param to the regular user
GRANT SET ON PARAMETER test_pg_db_role_setting.superuser_param TO regular_user;
\c - regular_user
ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'ccc';
\drds regular_user
List of settings
Role | Database | Settings | User set
--------------+----------+---------------------------------------------+----------
regular_user | | test_pg_db_role_setting.superuser_param=ccc+| f +
| | test_pg_db_role_setting.user_param=bbb | t
(1 row)
\c - regular_user
-- successfully set placeholders
SHOW test_pg_db_role_setting.superuser_param;
test_pg_db_role_setting.superuser_param
-----------------------------------------
ccc
(1 row)
SHOW test_pg_db_role_setting.user_param;
test_pg_db_role_setting.user_param
------------------------------------
bbb
(1 row)
-- module is loaded, and placeholder values are succesfully set
SELECT load_test_pg_db_role_setting();
load_test_pg_db_role_setting
------------------------------
(1 row)
SHOW test_pg_db_role_setting.superuser_param;
test_pg_db_role_setting.superuser_param
-----------------------------------------
ccc
(1 row)
SHOW test_pg_db_role_setting.user_param;
test_pg_db_role_setting.user_param
------------------------------------
bbb
(1 row)

35
src/test/modules/test_pg_db_role_setting/meson.build Normal file
View File

@ -0,0 +1,35 @@
# FIXME: prevent install during main install, but not during test :/
test_pg_db_role_setting_sources = files(
'test_pg_db_role_setting.c',
)
if host_system == 'windows'
test_pg_db_role_setting_sources += rc_lib_gen.process(win32ver_rc, extra_args: [
'--NAME', 'test_pg_db_role_setting',
'--FILEDESC', 'test_pg_db_role_setting - tests for default GUC values stored in pg_db_role_settings',])
endif
test_pg_db_role_setting = shared_module('test_pg_db_role_setting',
test_pg_db_role_setting_sources,
kwargs: pg_mod_args,
)
testprep_targets += test_pg_db_role_setting
install_data(
'test_pg_db_role_setting.control',
'test_pg_db_role_setting--1.0.sql',
kwargs: contrib_data_args,
)
tests += {
'name': 'test_pg_db_role_setting',
'sd': meson.current_source_dir(),
'bd': meson.current_build_dir(),
'regress': {
'sql': [
'test_pg_db_role_setting',
],
'regress_args': ['--no-locale', '--encoding=UTF8'],
},
}

63
src/test/modules/test_pg_db_role_setting/sql/test_pg_db_role_setting.sql Normal file
View File

@ -0,0 +1,63 @@
CREATE EXTENSION test_pg_db_role_setting;
CREATE USER super_user SUPERUSER;
CREATE USER regular_user;
\c - regular_user
-- successfully set a placeholder value
SET test_pg_db_role_setting.superuser_param = 'aaa';
-- module is loaded, the placeholder value is thrown away
SELECT load_test_pg_db_role_setting();
SHOW test_pg_db_role_setting.superuser_param;
SHOW test_pg_db_role_setting.user_param;
\c - regular_user
-- fail, not privileges
ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'aaa';
ALTER ROLE regular_user SET test_pg_db_role_setting.user_param = 'bbb';
-- success for USER SET parameters
ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'aaa' USER SET;
ALTER ROLE regular_user SET test_pg_db_role_setting.user_param = 'bbb' USER SET;
\drds regular_user
\c - regular_user
-- successfully set placeholders
SHOW test_pg_db_role_setting.superuser_param;
SHOW test_pg_db_role_setting.user_param;
-- module is loaded, the placeholder value of superuser param is thrown away
SELECT load_test_pg_db_role_setting();
SHOW test_pg_db_role_setting.superuser_param;
SHOW test_pg_db_role_setting.user_param;
\c - super_user
ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'aaa';
\drds regular_user
\c - regular_user
-- don't have a priviledge to change superuser value to user set one
ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'ccc' USER SET;
\c - super_user
SELECT load_test_pg_db_role_setting();
-- give the privilege to set SUSET param to the regular user
GRANT SET ON PARAMETER test_pg_db_role_setting.superuser_param TO regular_user;
\c - regular_user
ALTER ROLE regular_user SET test_pg_db_role_setting.superuser_param = 'ccc';
\drds regular_user
\c - regular_user
-- successfully set placeholders
SHOW test_pg_db_role_setting.superuser_param;
SHOW test_pg_db_role_setting.user_param;
-- module is loaded, and placeholder values are succesfully set
SELECT load_test_pg_db_role_setting();
SHOW test_pg_db_role_setting.superuser_param;
SHOW test_pg_db_role_setting.user_param;

7
src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting--1.0.sql Normal file
View File

@ -0,0 +1,7 @@
/* src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting--1.0.sql */
-- complain if script is sourced in psql, rather than via CREATE EXTENSION
\echo Use "CREATE EXTENSION test_pg_db_role_setting" to load this file. \quit
CREATE FUNCTION load_test_pg_db_role_setting() RETURNS void
AS 'MODULE_PATHNAME' LANGUAGE C;

57
src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting.c Normal file
View File

@ -0,0 +1,57 @@
/*--------------------------------------------------------------------------
*
* test_pg_db_role_setting.c
* Code for testing mandatory access control (MAC) using object access hooks.
*
* Copyright (c) 2022, PostgreSQL Global Development Group
*
* IDENTIFICATION
* src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting.c
*
* -------------------------------------------------------------------------
*/
#include "postgres.h"
#include "utils/guc.h"
PG_MODULE_MAGIC;
PG_FUNCTION_INFO_V1(load_test_pg_db_role_setting);
static char *superuser_param;
static char *user_param;
/*
* Module load callback
*/
void
_PG_init(void)
{
DefineCustomStringVariable("test_pg_db_role_setting.superuser_param",
"Sample superuser parameter.",
NULL,
&superuser_param,
"superuser_param_value",
PGC_SUSET,
0,
NULL, NULL, NULL);
DefineCustomStringVariable("test_pg_db_role_setting.user_param",
"Sample user parameter.",
NULL,
&user_param,
"user_param_value",
PGC_USERSET,
0,
NULL, NULL, NULL);
}
/*
* Empty function, which is used just to trigger load of this module.
*/
Datum
load_test_pg_db_role_setting(PG_FUNCTION_ARGS)
{
PG_RETURN_VOID();
}

7
src/test/modules/test_pg_db_role_setting/test_pg_db_role_setting.control Normal file
View File

@ -0,0 +1,7 @@
# test_pg_db_role_setting extension
comment = 'test_pg_db_role_setting - tests for default GUC values stored in pg_db_role_setting'
default_version = '1.0'
module_pathname = '$libdir/test_pg_db_role_setting'
relocatable = true
superuser = false
trusted = true

6
src/test/regress/expected/psql.out
View File

@ -6188,9 +6188,9 @@ List of schemas
(0 rows) (0 rows)
\drds "no.such.setting" \drds "no.such.setting"
List of settings List of settings
Role | Database | Settings Role | Database | Settings | User set
------+----------+---------- ------+----------+----------+----------
(0 rows) (0 rows)
\dRp "no.such.publication" \dRp "no.such.publication"